Topic: Maximum Fragment Length Negotiation implementation bug

wolfSSL 3.2.0 does not properly implement Maximum Fragment Length Negotiation.

RFC 4366 states that:

Once a maximum fragment length other than 2^14 has been successfully
negotiated, the client and server MUST immediately begin fragmenting
messages (including handshake messages), to ensure that no fragment
larger than the negotiated length is sent.  Note that TLS already
requires clients and servers to support fragmentation of handshake

wolfSSL does not properly fragment handshake messages. The problem appears if certificates are bigger than the negotiated Maximum Fragment Length.
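As an added illustration (not wolfSSL code, nor part of the original post), the following shows what RFC 4366 requires of the record layer once a maximum fragment length is negotiated: a large Certificate handshake message is split across several records, a check flags any record whose fragment exceeds the limit, and the receiver reassembles the message. The 2500-byte certificate body is a constructed stand-in, not a real certificate.

```python
import struct

HANDSHAKE = 22           # ContentType.handshake
TLS_VERSION = (3, 3)     # TLS 1.2 record version bytes
CERTIFICATE = 11         # HandshakeType.certificate
# MaxFragmentLength codes from RFC 4366 / RFC 6066: 2^9, 2^10, 2^11, 2^12
MFL_CODES = {1: 2 ** 9, 2: 2 ** 10, 3: 2 ** 11, 4: 2 ** 12}
DEFAULT_MFL = 2 ** 14    # applies when the extension is not negotiated

def handshake_message(msg_type, body):
    """Encode a Handshake struct: msg_type(1) || length(3) || body."""
    return struct.pack("!B", msg_type) + len(body).to_bytes(3, "big") + body

def fragment_records(handshake_bytes, max_fragment_len):
    """Split handshake bytes across TLS records so that no record's
    fragment is longer than the negotiated maximum fragment length."""
    records = []
    for off in range(0, len(handshake_bytes), max_fragment_len):
        chunk = handshake_bytes[off:off + max_fragment_len]
        header = struct.pack("!BBBH", HANDSHAKE, *TLS_VERSION, len(chunk))
        records.append(header + chunk)
    return records

def check_records(records, max_fragment_len):
    """Return (index, fragment_length) for every record that violates
    the negotiated limit; an empty list means the peer is compliant."""
    bad = []
    for i, rec in enumerate(records):
        (length,) = struct.unpack("!H", rec[3:5])
        if length > max_fragment_len:
            bad.append((i, length))
    return bad

def reassemble(records):
    """Strip record headers, concatenate the fragments and parse the
    handshake messages back out as (msg_type, body) tuples."""
    data = b"".join(rec[5:] for rec in records)
    msgs = []
    while data:
        mtype, length = data[0], int.from_bytes(data[1:4], "big")
        msgs.append((mtype, data[4:4 + length]))
        data = data[4 + length:]
    return msgs

if __name__ == "__main__":
    cert = handshake_message(CERTIFICATE, b"\xaa" * 2500)  # constructed body
    limit = MFL_CODES[1]                                    # negotiated 2^9
    print("fragmented:", len(fragment_records(cert, limit)), "records")
    print("unfragmented violations:", check_records(fragment_records(cert, DEFAULT_MFL), limit))
```

The second print reproduces the reported behaviour: a sender that ignores the negotiated length emits one 2504-byte record, which the check rejects.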


Re: Maximum Fragment Length Negotiation implementation bug

You're right, desowin,

Currently we don't do any fragmentation on handshake messages, so we must fix that prior to getting full Maximum Fragment Length support. The fix is on our roadmap, but I don't have a release date for it yet.

[ ]'s